Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability.

N/A

相对路径遍历

file_selector_android 安全漏洞

file_selector_android是Flutter开源的一个 Flutter 软件包。 file_selector_android 0.5.1至0.5.1+11版本存在安全漏洞，该漏洞源于文件名缺少清理检查，容易受到恶意文档提供程序的攻击。

N/A

N/A